Re: [6man] Stable privacy addresses (upcoming rev)
Ray Hunter <v6ops@globis.net> Fri, 30 March 2012 20:50 UTC
Brian E Carpenter wrote:
> Ray,
>
> On 2012-03-31 02:04, Ray Hunter wrote:
> ...
>
>> The idea being that authorized persons e.g. law enforcement and network
>> managers SHOULD be able to correlate activity at a later date (for legal
>> compliance, logging, fault finding etc.) whilst an attacker or
>> unauthorized person SHOULD NOT.
>>
>
> If you were a blogger sitting in an Internet cafe in a country governed
> by a repressive regime, you would probably hold a different view.
>
> Brian
>

Please let's not take this out of context. We're talking about obfuscating interface identifiers.

If I'm sat in an Internet cafe in a repressive regime (and I have visited and worked in various countries around the World, including one that fingerprinted me on entry, one that took a full body scan capable of looking through clothes, and one which is known to operate firewalls and passive monitoring on all International links), obfuscating an interface identifier is not going to protect my rights. That repressive regime would anyway likely have access to a copy of my passport or ID card, my network login credentials, the time I entered the Internet cafe, which seat I was sat on, a report from my neighbors, details of my phone's SIM card, man in the middle HTTPS monitoring, my MAC address, the /64 prefix I was using, a key logger running on the ISP host, a camera pointed at the screen .....

I do not attempt to define "authorized persons" any further than providing an example.

I express no preference whatsoever on the question of whether privacy is desirable or not on this list, nor to what standard, nor where the balance lies between rights of the state or corporation and the rights of the individual, nor whether particular laws are sensible or not.

I'm just trying to comply with local laws when giving advice to companies operating in countries where I provide consultancy. And many of those local laws include a requirement for corporations to retain a log of IP addresses, network communications, and user credentials for several months, and to provide access to this information to "authorized persons" when necessary, even though they are some of the most liberal regimes in the World.

regards,
RayH